Full Disclosure mailing list archives

Re: Empty emails example


From: "Bill Royds" <full-disclosure () royds net>
Date: Sat, 28 Feb 2004 15:40:33 -0500

 
Received from ISP about empty email I received. If it is not a spammer, it
could be a virus sending emails without the payload.

-----Original Message-----
From: Rory Irvine [mailto:rory () bytel net uk] 
Sent: February 28, 2004 3:24 PM
To: Bill () royds net
Subject: Re: spam flood


Hi,


X-SamSpade-Version: 1.14

tradeelectronically.com::  
 Your server is being used to flood send emails. Please check into its
misuse.
  ...
  

...

Received: from 80.76.205.232 by 24.147.39.6; Sun, 29 Feb 2004 00:46:57 +0500

...

Thanks for bringing this to our attention.

The IP address in question, 80.76.205.232, belongs to a network that is
not currently routable. Its appearance in the headers of the spam
you've received is therefore likely to be a result of a forgery by the
spammer. Unfortunately, there's not much we can do about this :(

I notice that you use the words "flood send" - did you receive multiple
spams appearing to be relayed through that IP? If so, I'd appreciate
copies of as many of the messages as possible, as it may be evidence of
a deliberate attack against our network.

Rory Irvine
System Administrator
Bytel Ltd
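
The check described in the reply above, as an added example that is not part of the original messages: walk a message's Received headers, trust only the unbroken run stamped by your own MTAs, and flag source IPs in the remaining headers that no routed prefix covers. The routed-prefix list, the `trusted_by` host name and the first Received line are constructed for illustration; only the second Received line is the one quoted in the post.

```python
import email
import ipaddress
import re

# Constructed stand-in for a routing-table snapshot taken when the mail arrived.
ROUTED_PREFIXES = [ipaddress.ip_network(p)
                   for p in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed message: the top hop is invented, the second hop is from the post.
SAMPLE = """\
Received: from mail.example.net ([198.51.100.7]) by mx.recipient.example; Sat, 28 Feb 2004 14:47:03 -0500
Received: from 80.76.205.232 by 24.147.39.6; Sun, 29 Feb 2004 00:46:57 +0500
Subject: (no subject)

"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def is_routed(ip):
    return any(ip in net for net in ROUTED_PREFIXES)


def audit_received(raw, trusted_by):
    """Return one dict per Received header, newest (topmost) first."""
    msg = email.message_from_string(raw)
    hops, inside = [], True
    for value in msg.get_all("Received", []):
        clause = " ".join(value.split()).split(";", 1)[0]  # drop the date
        from_part, _, by_part = clause.partition(" by ")
        by_host = by_part.split()[0] if by_part.split() else ""
        # Trust ends at the first header not stamped by one of our own MTAs;
        # everything below that point could have been written by the sender.
        inside = inside and by_host in trusted_by
        ips = []
        for text in IPV4.findall(from_part):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # e.g. 999.1.1.1 is not an address
                pass
        hops.append({"by": by_host, "trusted": inside,
                     "from_ips": [str(i) for i in ips],
                     "unrouted": [str(i) for i in ips if not is_routed(i)]})
    return hops


def forgery_candidates(hops):
    """Unrouted source IPs that appear only in headers we cannot vouch for."""
    return [ip for h in hops if not h["trusted"] for ip in h["unrouted"]]
```

An address flagged this way is a reason to discount that header when deciding whom to report to, not proof of who sent the message.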
